Printed from www.pcpro.co.uk
DIY phishing kits widely available on the Net
Posted on 19 Aug 2004 at 11:33
DIY phishing kits are being widely made available on the Internet warns the security company Sophos.
'Phishing' is the practice of duping people to reveal sensitive financial information by means of bogus websites and emails, often purporting to come from trusted sources. This development can only increase the incidence of attacks. Indeed, these are already starting to rival spam in terms of the numbers of emails involved - Phishing scams rival virus attacks in email tally
'Until now, phishing attacks have been largely the work of organised criminal gangs,' warned Graham Cluley, senior technology consultant at Sophos. 'The emergence of these "build your own phish" kits, however, mean that any old Tom, Dick or Harry can now mimic bona fide banking websites and convince customers to disclose sensitive information such as passwords, PIN numbers and account details.'
According to Sophos, the DIY kits contain graphics, source code and example text to help construct bogus websites that have the look-and-feel of legitimate online banking sites. Inevitably, there is also a link with spamming - software is included that enables potential fraudsters to pump out phishing emails as bait.
The motive, of course, is financial and eastern European gangs are already specialising in such attacks. Others are likely to try and follow in such fraudulent footsteps. 'There is plenty of profit to be made from Phishing,' said Cluley. 'By putting the necessary tools in the hands of amateurs, it's likely that the number of attacks will continue to rise.'
Certainly the current prevalence of phishing should not be underestimated. Such scams are already estimated to cost banks and other financial institutions as much as $400mn in fraud this year, according to research group Financial Insights. And reported incidences of phishing scams are running at more than a thousand a month, according to the Anti-Phishing Working Group. Such a situation can only worsen if Phishing-kiddies start getting in on the act, too.
You can see examples of phishing scams in this earlier article.
See also:
Cost of Phishing scams estimated at $400mn this year
Phishing scams rival virus attacks in email tally
Phishing scams rise 50 per cent in a month
Phishing: Real scams, fake sites
Author: Alun Williams
advertisement
- Microsoft shows courage at Tech-Ed 09
- PowerPoint and Silverlight: a perfect match?
- Why all the fuss over Windows Explorer?
- Your iPhone has a virus? Well it's your fault
- Motorola pays Lucas for its Droid
- Where are the killer apps for Windows?
- Will you hit the Orange iPhone "unlimited" cap?
- USB 3 first benchmark - it's here, and it's fast
- Why Windows 7 has forced me to worry about security
- How Dixons is (under)selling Windows 7
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
- Building a better Google
- Beware HP's horrendous printer-driver glitch
- Microsoft debuts free Morro antivirus package
- Getting started with Search Server 2008 Express
advertisement
